Search for vulnerabilities
| Vulnerability ID | VCID-embn-ntxv-73bh |
| Aliases |
CVE-2010-0172
|
| Summary | Mozilla developer Justin Dolske reported that the new asynchronous Authorization Prompt (HTTP username and password) was not always attached to the correct window. Although we have not demonstrated this, it may be possible for a malicious page to convince a user to open a new tab or popup to a trusted service and then have the HTTP authorization prompt from the malicious page appear to be the login prompt for the trusted page. This potential attack is greatly mitigated by the fact that very few web sites use HTTP authorization, preferring instead to use web forms and cookies.This issue does not affect older versions of Firefox or products based on the Mozilla browser engine, such as Thunderbird and SeaMonkey, using an older version of the engine. |
| Status | Published |
| Exploitability | None |
| Weighted Severity | None |
| Risk | None |
| Affected and Fixed Packages | Package Details |
| There are no known CWE. |
| System | Score | Found at |
|---|---|---|
| epss | 0.00535 | https://api.first.org/data/v1/epss?cve=CVE-2010-0172 |
| generic_textual | low | https://www.mozilla.org/en-US/security/advisories/mfsa2010-15 |
| Reference id | Reference type | URL |
|---|---|---|
| https://api.first.org/data/v1/epss?cve=CVE-2010-0172 | ||
| CVE-2010-0172 | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0172 | |
| GLSA-201301-01 | https://security.gentoo.org/glsa/201301-01 | |
| mfsa2010-15 | https://www.mozilla.org/en-US/security/advisories/mfsa2010-15 |
| Percentile | 0.67741 |
| EPSS Score | 0.00535 |
| Published At | May 29, 2026, 12:55 p.m. |
| Date | Actor | Action | Source | VulnerableCode Version |
|---|---|---|---|---|
| 2026-05-29T08:27:12.694079+00:00 | Mozilla Importer | Import | https://github.com/mozilla/foundation-security-advisories/blob/master/announce/2010/mfsa2010-15.md | 38.6.0 |